<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: customers_sik.php 41 2013-09-21 11:55:50Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 41 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-21 11:55:50 +0000 (Sat, 21 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

require ('includes/application_top.php');
require_once (DIR_FS_INC.'inc.validate_vatid_status.php');
require_once (DIR_FS_INC.'inc.get_geo_zone_code.php');
require_once (DIR_FS_INC.'inc.encrypt_password.php');
require_once (DIR_FS_INC.'inc.js_lang.php');

$customers_statuses_array = get_customers_statuses();

if ($_GET['special'] == 'remove_memo') {
	$mID = $_GET['mID'];
	$db->db_query("DELETE FROM ".TABLE_CUSTOMERS_MEMO." WHERE memo_id = '".$mID."'");
	redirect(href_link(FILENAME_CUSTOMERS_SIK, 'cID='.(int) $_GET['cID'].'&action=edit'));
}

if ($_GET['action'] == 'edit' || $_GET['action'] == 'update') {
	if ($_GET['cID'] == 1 && $_SESSION['customer_id'] == 1) {
	} else {
		if ($_GET['cID'] != 1) {
		} else {
			redirect(href_link(FILENAME_CUSTOMERS_SIK, ''));
		}
	}
}

if ($_GET['action']) {
	switch ($_GET['action']) {
		case 'new_order' :

			$customers1 = $db->db_query("SELECT * FRROM ".TABLE_CUSTOMERS_SIK." WHERE customers_id = '".$_GET['cID']."'");

			$customers = $db->db_query("SELECT * FROM ".TABLE_ADDRESS_BOOK." WHERE customers_id = '".$_GET['cID']."'");

			$country = $db->db_query("SELECT countries_name FROM ".TABLE_COUNTRIES." WHERE countries_id = '".$customers->fields['entry_country_id']."'");

			$stat->fields = $db->db_query("SELECT * FROM ".TABLE_CUSTOMERS_STATUS." WHERE customers_status_id = '".$customers1->fields['customers_status']."'");

			$sql_data_array = array('customers_id' => $customers->fields['customers_id'], 
									'customers_cid' => $customers1->fields['customers_cid'], 
									'customers_vat_id' => $customers1->fields['customers_vat_id'], 
									'customers_status' => $customers1->fields['customers_status'], 
									'customers_status_name' => $stat->fields['customers_status_name'], 
									'customers_status_image' => $stat->fields['customers_status_image'], 
									'customers_status_discount' => $stat->fields['customers_status_discount'], 
									'customers_name' => $customers->fields['entry_firstname'].' '.$customers->fields['entry_lastname'], 
									'customers_company' => $customers->fields['entry_company'], 
									'customers_street_address' => $customers->fields['entry_street_address'], 
									'customers_suburb' => $customers->fields['entry_suburb'], 
									'customers_city' => $customers->fields['entry_city'], 
									'customers_postcode' => $customers->fields['entry_postcode'], 
									'customers_state' => $customers->fields['entry_state'], 
									'customers_country' => $country->fields['countries_name'], 
									'customers_telephone' => $customers1->fields['customers_telephone'], 
									'customers_email_address' => $customers1->fields['customers_email_address'], 
									'customers_address_format_id' => '5', 
									'customers_ip' => '0', 
									'delivery_name' => $customers->fields['entry_firstname'].' '.$customers->fields['entry_lastname'], 
									'delivery_company' => $customers->fields['entry_company'], 
									'delivery_street_address' => $customers->fields['entry_street_address'], 
									'delivery_suburb' => $customers->fields['entry_suburb'], 
									'delivery_city' => $customers->fields['entry_city'], 
									'delivery_postcode' => $customers->fields['entry_postcode'], 
									'delivery_state' => $customers->fields['entry_state'], 
									'delivery_country' => $country->fields['countries_name'], 
									'delivery_address_format_id' => '5', 
									'billing_name' => $customers->fields['entry_firstname'].' '.$customers->fields['entry_lastname'], 
									'billing_company' => $customers->fields['entry_company'], 
									'billing_street_address' => $customers->fields['entry_street_address'], 
									'billing_suburb' => $customers->fields['entry_suburb'], 
									'billing_city' => $customers->fields['entry_city'], 
									'billing_postcode' => $customers->fields['entry_postcode'], 
									'billing_state' => $customers->fields['entry_state'], 
									'billing_country' => $country->fields['countries_name'], 
									'billing_address_format_id' => '5', 
									'payment_method' => 'cod', 
									'comments' => '', 
									'last_modified' => 'now()', 
									'date_purchased' => 'now()', 
									'orders_status' => '1', 
									'orders_date_finished' => '', 
									'currency' => 'EUR', 
									'currency_value' => '1.0000', 
									'account_type' => '0', 
									'payment_class' => 'cod', 
									'shipping_method' => 'Pauschale Versandkosten', 
									'shipping_class' => 'flat_flat', 
									'customers_ip' => '', 
									'language' => 'german');

			$insert_sql_data = array ('currency_value' => '1.0000');
			$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
			$db->db_perform(TABLE_ORDERS, $sql_data_array);
			$orders_id = $db->db_insert_id();

			$sql_data_array = array ('orders_id' => $orders_id, 'title' => '<b>Summe</b>:', 'text' => '0', 'value' => '0', 'class' => 'ot_total');

			$insert_sql_data = array ('sort_order' => MODULE_ORDER_TOTAL_TOTAL_SORT_ORDER);
			$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
			$db->db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);

			$sql_data_array = array ('orders_id' => $orders_id, 'title' => '<b>Zwischensumme</b>:', 'text' => '0', 'value' => '0', 'class' => 'ot_subtotal');

			$insert_sql_data = array ('sort_order' => MODULE_ORDER_TOTAL_SUBTOTAL_SORT_ORDER);
			$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
			$db->db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);

			redirect(href_link(FILENAME_ORDERS, 'oID='.$orders_id.'&action=edit'));

			break;
		case 'statusconfirm' :
			$customers_id = $_GET['cID'];
			$customer_updated = false;
			$check_status = $db->db_query("SELECT 
												customers_firstname, 
												customers_lastname, 
												customers_email_address, 
												customers_status, 
												member_flag 
											FROM 
												".TABLE_CUSTOMERS_SIK." 
											WHERE 
												customers_id = ".$db->db_prepare($_GET['cID']));
			if ($check_status['customers_status'] != $stat->fieldsus) {
				$db->db_query("UPDATE 
									".TABLE_CUSTOMERS_SIK." 
								SET 
									customers_status = ".$db->db_prepare($_POST['status'])." 
								WHERE 
									customers_id = ".$db->db_prepare($_GET['cID']));

				if($_POST['status'] == 0)
					$db->db_query("INSERT INTO ".TABLE_ADMIN_ACCESS." (customers_id,start) VALUES (".$db->db_prepare($_GET['cID']).",'1')");
				else
					$db->db_query("DELETE FROM ".TABLE_ADMIN_ACCESS." WHERE customers_id = ".$db->db_prepare($_GET['cID']));
					
				//Temporarily set due to above commented lines
				$customer_notified = '0';
				$db->db_query("INSERT INTO ".TABLE_CUSTOMERS_STATUS_HISTORY." (customers_id, new_value, old_value, date_added, customer_notified) VALUES (".$db->db_prepare($_GET['cID']).", ".$db->db_prepare($_POST['status']).", '".$check_status['customers_status']."', now(), '".$customer_notified."')");
				$customer_updated = true;
			}
			redirect(href_link(FILENAME_CUSTOMERS_SIK, 'page='.$_GET['page'].'&cID='.$_GET['cID']));
			break;

		case 'update' :
			$customers_id = $_GET['cID'];
			$customers_cid = $_POST['csID'];
			$customers_vat_id = $_POST['customers_vat_id'];
			$customers_vat_id_status = $_POST['customers_vat_id_status'];
			$customers_firstname = $_POST['customers_firstname'];
			$customers_lastname = $_POST['customers_lastname'];
			$customers_email_address = $_POST['customers_email_address'];
			$customers_telephone = $_POST['customers_telephone'];
			$customers_fax = $_POST['customers_fax'];
			$customers_newsletter = $_POST['customers_newsletter'];

			$customers_gender = $_POST['customers_gender'];
			$customers_dob = $_POST['customers_dob'];

			$default_address_id = $_POST['default_address_id'];
			$entry_street_address = $_POST['entry_street_address'];
			$entry_suburb = $_POST['entry_suburb'];
			$entry_postcode = $_POST['entry_postcode'];
			$entry_city = $_POST['entry_city'];
			$entry_country_id = $_POST['entry_country_id'];

			$entry_company = $_POST['entry_company'];
			$entry_state = $_POST['entry_state'];
			$entry_zone_id = $_POST['entry_zone_id'];

			$memo_title = $_POST['memo_title'];
			$memo_text = $_POST['memo_text'];

			$payment_unallowed = $_POST['payment_unallowed'];
			$shipping_unallowed = $_POST['shipping_unallowed'];
			$password = $_POST['entry_password'];
			

			if ($memo_text != '' && $memo_title != '') {
				$sql_data_array = array('customers_id' => $_GET['cID'], 
										'memo_date' => date("Y-m-d"), 
										'memo_title' => $memo_title, 
										'memo_text' => $memo_text, 
										'poster_id' => $_SESSION['customer_id']);
				$db->db_perform(TABLE_CUSTOMERS_MEMO, $sql_data_array);
			}
			$error = false;

			if (strlen($customers_firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
				$error = true;
				$entry_firstname_error = true;
			} else
				$entry_firstname_error = false;

			if (strlen($customers_lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
				$error = true;
				$entry_lastname_error = true;
			} else
				$entry_lastname_error = false;

			if (ACCOUNT_DOB == 'true') {
				if (checkdate(substr(date_raw($customers_dob), 4, 2), substr(date_raw($customers_dob), 6, 2), substr(date_raw($customers_dob), 0, 4)))
					$entry_date_of_birth_error = false;
				else {
					$error = true;
					$entry_date_of_birth_error = true;
				}
			}

			// New VAT Check
				if (get_geo_zone_code($entry_country_id) != '6') {
				require_once(DIR_FS_CATALOG.DIR_WS_CLASSES.'class.vat_validation.php');
				$vatID = new vat_validation($customers_vat_id, $customers_id, '', $entry_country_id);
			
				$customers_vat_id_status = $vatID->vat_info['vat_id_status'];
				$error = $vatID->vat_info['error'];
			
				if($error==1){
				$entry_vat_error = true;
				$error = true;
			  }
			
			  }
			// New VAT CHECK END

			if (strlen($customers_email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
				$error = true;
				$entry_email_address_error = true;
			} else
				$entry_email_address_error = false;

			if (!validate_email($customers_email_address)) {
				$error = true;
				$entry_email_address_check_error = true;
			} else
				$entry_email_address_check_error = false;

			if (strlen($entry_street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
				$error = true;
				$entry_street_address_error = true;
			} else
				$entry_street_address_error = false;

			if (strlen($entry_postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
				$error = true;
				$entry_post_code_error = true;
			} else
				$entry_post_code_error = false;

			if (strlen($entry_city) < ENTRY_CITY_MIN_LENGTH) {
				$error = true;
				$entry_city_error = true;
			} else
				$entry_city_error = false;

			if ($entry_country_id == false) {
				$error = true;
				$entry_country_error = true;
			} else
				$entry_country_error = false;

			if (ACCOUNT_STATE == 'true') {
				if ($entry_country_error == true) {
					$entry_state_error = true;
				} else {
					$zone_id = 0;
					$entry_state_error = false;
					$check_value = $db->db_query("SELECT COUNT(*) AS total from ".TABLE_ZONES." WHERE zone_country_id = ".$db->db_prepare($entry_country_id));
					$entry_state_has_zones = $check_value->fields['total'] > 0;
					if ($entry_state_has_zones == true) {
						$zone_values = $db->db_query("SELECT zone_id from ".TABLE_ZONES." WHERE zone_country_id = ".$db->db_prepare($entry_country_id)." and zone_name = ".$db->db_prepare($entry_state));
						if ($zone_values->_numOfRows == 1) {
							$entry_zone_id = $zone_values->fields['zone_id'];
						} else {
							$zone_values = $db->db_query("SELECT zone_id from ".TABLE_ZONES." WHERE zone_country_id = ".$db->db_prepare($entry_country)." and zone_code = ".$db->db_prepare($entry_state));
							if ($zone_values->_numOfRows >= 1) {
								$zone_id = $zone_values->fields['zone_id'];
							} else {
								$error = true;
								$entry_state_error = true;
							}
						}
					} else {
						if ($entry_state == false) {
							$error = true;
							$entry_state_error = true;
						}
					}
				}
			}

			if (strlen($customers_telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
				$error = true;
				$entry_telephone_error = true;
			} else
				$entry_telephone_error = false;

			$check_email = $db->db_query("SELECT customers_email_address from ".TABLE_CUSTOMERS_SIK." WHERE customers_email_address = ".$db->db_prepare($customers_email_address)." and customers_id <> ".$db->db_prepare($customers_id));
			if ($check_email->_numOfRows) {
				$error = true;
				$entry_email_address_exists = true;
			} else
				$entry_email_address_exists = false;

			if ($error == false) {
				$sql_data_array = array('customers_firstname' => $customers_firstname, 
										'customers_cid' => $customers_cid, 
										'customers_vat_id' => $customers_vat_id, 
										'customers_vat_id_status' => $customers_vat_id_status, 
										'customers_lastname' => $customers_lastname, 
										'customers_email_address' => $customers_email_address, 
										'customers_telephone' => $customers_telephone, 
										'customers_fax' => $customers_fax, 
										'payment_unallowed' => $payment_unallowed, 
										'shipping_unallowed' => $shipping_unallowed, 
										'customers_newsletter' => $customers_newsletter,
										'customers_last_modified' => 'NOW()');

				// if new password is set
				if ($password != "")		
					$sql_data_array = array_merge($sql_data_array,array('customers_password' => encrypt_password($password)));						

				if (ACCOUNT_GENDER == 'true')
					$sql_data_array['customers_gender'] = $customers_gender;
				if (ACCOUNT_DOB == 'true')
					$sql_data_array['customers_dob'] = date_raw($customers_dob);

				$db->db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = ".$db->db_prepare($customers_id));

				$db->db_query("UPDATE ".TABLE_CUSTOMERS_INFO." SET customers_info_date_account_last_modified = NOW() WHERE customers_info_id = ".$db->db_prepare($customers_id));

				if ($entry_zone_id > 0)
					$entry_state = '';

				$sql_data_array = array('entry_firstname' => $customers_firstname, 
										'entry_lastname' => $customers_lastname, 
										'entry_street_address' => $entry_street_address, 
										'entry_postcode' => $entry_postcode, 
										'entry_city' => $entry_city, 
										'entry_country_id' => $entry_country_id,
										'address_last_modified' => 'NOW()');
				
				
				if (ACCOUNT_COMPANY == 'true')
					$sql_data_array['entry_company'] = $entry_company;
				if (ACCOUNT_SUBURB == 'true')
					$sql_data_array['entry_suburb'] = $entry_suburb;

				if (ACCOUNT_STATE == 'true') {
					if ($entry_zone_id > 0) {
						$sql_data_array['entry_zone_id'] = $entry_zone_id;
						$sql_data_array['entry_state'] = '';
					} else {
						$sql_data_array['entry_zone_id'] = '0';
						$sql_data_array['entry_state'] = $entry_state;
					}
				}

				$db->db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = ".$db->db_prepare($customers_id)." and address_book_id = ".$db->db_prepare($default_address_id));
				redirect(href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action')).'cID='.$customers_id));
			}
			elseif ($error == true) {
				$cInfo = new objectInfo($_POST);
				$processed = true;
			}

			break;
		case 'deleteconfirm' :
			$customers_id = $_GET['cID'];

			if ($_POST['delete_reviews'] == 'on') {
				$reviews = $db->db_query("SELECT reviews_id from ".TABLE_REVIEWS." WHERE customers_id = ".$db->db_prepare($customers_id));
				while (!$reviews->EOF) {
					$db->db_query("DELETE FROM ".TABLE_REVIEWS_DESCRIPTION." WHERE reviews_id = '".$reviews['reviews_id']."'");
					$reviews->MoveNext();
				}
				$db->db_query("DELETE FROM ".TABLE_REVIEWS." WHERE customers_id = ".$db->db_prepare($customers_id));
			} else
				$db->db_query("UPDATE ".TABLE_REVIEWS." set customers_id = null WHERE customers_id = ".$db->db_prepare($customers_id));

			$db->db_query("DELETE FROM ".TABLE_ADDRESS_BOOK." WHERE customers_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_CUSTOMERS_SIK." WHERE customers_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_CUSTOMERS_INFO." WHERE customers_info_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_CUSTOMERS_BASKET." WHERE customers_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_CUSTOMERS_BASKET_ATTRIBUTES." WHERE customers_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_PRODUCTS_NOTIFICATIONS." WHERE customers_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_WHOS_ONLINE." WHERE customer_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_CUSTOMERS_STATUS_HISTORY." WHERE customers_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_CUSTOMERS_IP." WHERE customers_id = ".$db->db_prepare($customers_id));
			$db->db_query("DELETE FROM ".TABLE_ADMIN_ACCESS." WHERE customers_id = ".$db->db_prepare($customers_id));

			redirect(href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action'))));
			break;

		default :
			$customers = $db->db_query("SELECT 
											c.customers_id,
											c.customers_cid, 
											c.customers_gender, 
											c.customers_firstname, 
											c.customers_lastname, 
											c.customers_dob, 
											c.customers_email_address, 
											a.entry_company, 
											a.entry_street_address, 
											a.entry_suburb, 
											a.entry_postcode, 
											a.entry_city, 
											a.entry_state, 
											a.entry_zone_id, 
											a.entry_country_id, 
											c.customers_telephone, 
											c.customers_fax, 
											c.customers_newsletter, 
											c.customers_default_address_id 
										FROM 
											".TABLE_CUSTOMERS_SIK." c 
											LEFT JOIN ".TABLE_ADDRESS_BOOK." a 
												ON c.customers_default_address_id = a.address_book_id 
										WHERE 
											a.customers_id = c.customers_id 
										AND 
											c.customers_id = '".$_GET['cID']."'");
			$cInfo = new objectInfo($customers->fields);
	}
}

require(DIR_WS_INCLUDES . 'metatag.php');
?>
</head>
<body>
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<div id="wrapper">
<table class="outerTable" cellpadding="0" cellspacing="0">
  <tr>
    <td class="columnLeft2" width="<?php echo BOX_WIDTH; ?>" valign="top">
		<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
	</td>
    <td class="boxCenter" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td>
       <table class="table_pageHeading" border="0" width="100%" cellspacing="0" cellpadding="0">
	    <tr>
	     <td class="pageHeading">
	        <?php echo HEADING_TITLE; ?>
	     </td>
	   </tr>
	   </table>
        
        <table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
          	<td class="smallText" align="right" width="50%">
            	<?php echo draw_form('status', FILENAME_CUSTOMERS_SIK, '', 'get'); ?>
            		<?php echo HEADING_TITLE_STATUS . ' ' . draw_pull_down_menu('status',$customers_statuses_array, '99', 'onChange="this.form.submit();"'); ?>
            	<?php echo '</form>'; ?>
            </td>
            <td class="smallText" align="right">
            	<?php echo draw_form('search', FILENAME_CUSTOMERS_SIK, '', 'get'); ?>
            		<?php echo HEADING_TITLE_SEARCH . ' ' . draw_input_field('search'); ?>
            	<?php echo '</form>'; ?>
            </td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td valign="top"><table width="100%" cellspacing="0" cellpadding="0" class="dataTable">
              <tr class="dataTableHeadingRow">
                <td class="dataTableHeadingContent" width="40"><?php echo TABLE_HEADING_ACCOUNT_TYPE; ?></td>
                <td class="dataTableHeadingContent"><?php echo TABLE_HEADING_LASTNAME.sorting(FILENAME_CUSTOMERS_SIK,'customers_lastname'); ?></td>
                <td class="dataTableHeadingContent"><?php echo TABLE_HEADING_FIRSTNAME.sorting(FILENAME_CUSTOMERS_SIK,'customers_firstname'); ?></td>
                <td class="dataTableHeadingContent" align="left"><?php echo HEADING_TITLE_STATUS; ?></td>
                <?php if (ACCOUNT_COMPANY_VAT_CHECK == 'true') {?>
                <td class="dataTableHeadingContent" align="left"><?php echo HEADING_TITLE_VAT; ?></td>
                <?php } ?>
                <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACCOUNT_CREATED.sorting(FILENAME_CUSTOMERS_SIK,'date_account_created'); ?></td>
                <td class="dataTableHeadingContent last" align="right"><?php echo TABLE_HEADING_ACTION; ?>&nbsp;</td>
              </tr>
<?php

	$search = '';
	if (($_GET['search']) && (not_null($_GET['search']))) {
		$keywords = $db->db_prepare(($_GET['search']));
		$search = "and (c.customers_lastname like '%".$keywords."%' or c.customers_firstname like '%".$keywords."%' or c.customers_email_address like '%".$keywords."%')";
	}

	if ($_GET['status'] && $_GET['status'] != '100' or $_GET['status'] == '0') {
		$stat->fieldsus = $_GET['status'];
		//  echo $stat->fieldsus;
		$search = "and c.customers_status = '".$stat->fieldsus."'";
	}

	if ($_GET['sorting']) {
		switch ($_GET['sorting']) {

			case 'customers_firstname' :
				$sort = 'order by c.customers_firstname';
				break;

			case 'customers_firstname-desc' :
				$sort = 'order by c.customers_firstname DESC';
				break;

			case 'customers_lastname' :
				$sort = 'order by c.customers_lastname';
				break;

			case 'customers_lastname-desc' :
				$sort = 'order by c.customers_lastname DESC';
				break;

			case 'date_account_created' :
				$sort = 'order by ci.customers_info_date_account_created';
				break;

			case 'date_account_created-desc' :
				$sort = 'order by ci.customers_info_date_account_created DESC';
				break;
		}

	}

			$sql = "	SELECT
							c.account_type,
							c.customers_id,
							c.customers_vat_id,
							c.customers_vat_id_status,
							c.customers_lastname,
							c.customers_firstname,
							c.customers_email_address,
							a.entry_country_id,
							c.customers_status,
							c.member_flag,
							ci.customers_info_date_account_created
						FROM
							".TABLE_CUSTOMERS_SIK." c ,
							".TABLE_ADDRESS_BOOK." a,
							".TABLE_CUSTOMERS_INFO." ci
						WHERE
							c.customers_id = a.customers_id
						AND 
							c.customers_default_address_id = a.address_book_id
						AND 
							ci.customers_info_id = c.customers_id
							".$search."
						GROUP BY 
							c.customers_id
							".$sort;

	$query = page_break_create($_POST['per_site'], $_GET['page'], $sql, 'price_change.php');
	$customers = $query['query'];
	$i=1;
	while (!$customers->EOF) {
		$info = $db->db_query("	SELECT 
									customers_info_date_account_created as date_account_created, 
									customers_info_date_account_last_modified as date_account_last_modified, 
									customers_info_date_of_last_logon as date_last_logon, 
									customers_info_number_of_logons as number_of_logons 
								FROM 
									".TABLE_CUSTOMERS_INFO." 
								WHERE 
									customers_info_id = '".$customers->fields['customers_id']."'");

		if (((!$_GET['cID']) || (@ $_GET['cID'] == $customers->fields['customers_id'])) && (!$cInfo)) {
			$country->fields = $db->db_query("SELECT countries_name from ".TABLE_COUNTRIES." WHERE countries_id = '".$customers->fields['entry_country_id']."'");

			$reviews = $db->db_query("SELECT COUNT(*) AS number_of_reviews from ".TABLE_REVIEWS." WHERE customers_id = '".$customers->fields['customers_id']."'");

			$customer_info = array_merge($country->fields, $info->fields, $reviews->fields);

			$cInfo_array = array_merge($customers, $customer_info);
			$cInfo = new objectInfo($cInfo_array);
		}

		if ((is_object($cInfo)) && ($customers->fields['customers_id'] == $cInfo->customers_id)) {
			echo '          <tr class="dataTableRowSelected" onmouseover="this.style.cursor=\'pointer\'" onclick="document.location.href=\''.href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action')).'cID='.$cInfo->customers_id.'&action=edit').'\'">'."\n";
		} else {
			if ($i % 2 == 0)
	    		$f = 'dataTableRow';
	    	else
	    		$f = '';
			echo '          <tr class="'.$f.'" onmouseover="this.className=\'dataTableRowOver\';this.style.cursor=\'pointer\'" onmouseout="this.className=\''.$f.'\'" onclick="document.location.href=\''.href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID')).'cID='.$customers->fields['customers_id']).'\'">'."\n";
		}

		if ($customers->fields['account_type'] == 1) {

			echo '<td class="dataTableContent">';
			echo TEXT_GUEST;

		} else {
			echo '<td class="dataTableContent">';
			echo TEXT_ACCOUNT;
		}
		echo '</td>';
?>
                <td class="dataTableContent"><b><?php echo $customers->fields['customers_lastname']; ?></b></td>
                <td class="dataTableContent"><?php echo $customers->fields['customers_firstname']; ?></td>
                <td class="dataTableContent" align="left"><?php echo $customers_statuses_array[$customers->fields['customers_status']]['text'] . ' (' . $customers->fields['customers_status'] . ')' ; ?></td>
                <?php if (ACCOUNT_COMPANY_VAT_CHECK == 'true') {?>
                <td class="dataTableContent" align="left">&nbsp;
                <?php

		if ($customers->fields['customers_vat_id']) {
			echo $customers->fields['customers_vat_id'].'<br /><span style="font-size:8pt"><nobr>('.validate_vatid_status($customers->fields['customers_id']).')</nobr></span>';
		}
?>
                </td>
                <?php } ?>
                <td class="dataTableContent" align="right"><?php echo date_short($info['date_account_created']); ?></td>
                <td class="dataTableContent last" align="right">
                	<?php 
                	if ( (is_object($cInfo)) && ($customers->fields['customers_id'] == $cInfo->customers_id) ) { 
                		echo image(DIR_WS_IMAGES . 'icon_arrow_right.gif', ''); 
                	} else { 
                		echo '<a href="' . href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array('cID')) . 'cID=' . $customers->fields['customers_id']) . '">' . image(DIR_WS_IMAGES . 'icon_info.gif', IMAGE_ICON_INFO) . '</a>'; 
                	} ?>&nbsp;</td>
               </tr>
				<?php $i++; $customers->MoveNext();} ?>
            </table>
            <table border="0" width="100%" cellspacing="0" cellpadding="2">
                <tr class="page_break">
					<td class="smallText" valign="top" width="33.3%"><?php echo 'Angezeigt werden '.$query['from'].' bis '.$query['to'].' (von insgesamt '.$query['total'].' Kunden)'; ?></td>
					<td class="smallText" align="center" width="33.3%"></td>
					<td class="smallText" align="right" width="33.3%">
						Kunden pro Seite: <?php echo $query['page_break']->perSiteDropdown($_GET['page']); ?>
					</td>
				</tr>
				<tr><td align="center" colspan="3"><?php echo '<br />'.$query['links']; ?></td></tr>
					<?php if (not_null($_GET['search'])) { ?>
                  	<tr>
                    	<td align="right" colspan="2"><?php echo '<a class="button" onClick="this.blur();" href="' . href_link(FILENAME_CUSTOMERS) . '">' . BUTTON_RESET . '</a>'; ?></td>
                  	</tr>
					<?php } ?>
                </table>
            </td>
		<?php
			$heading = array ();
			$contents = array ();
			switch ($_GET['action']) {
				case 'confirm' :
					$heading[] = array ('text' => '<b>'.TEXT_INFO_HEADING_DELETE_CUSTOMER.'</b>');
		
					$contents = array ('form' => draw_form('customers', FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action')).'cID='.$cInfo->customers_id.'&action=deleteconfirm'));
					$contents[] = array ('text' => TEXT_DELETE_INTRO.'<br /><br /><b>'.$cInfo->customers_firstname.' '.$cInfo->customers_lastname.'</b>');
					if ($cInfo->number_of_reviews > 0)
						$contents[] = array ('text' => '<br />'.draw_checkbox_field('delete_reviews', 'on', true).' '.sprintf(TEXT_DELETE_REVIEWS, $cInfo->number_of_reviews));
					$contents[] = array ('align' => 'center', 'text' => '<br /><input type="submit" class="button" value="'.BUTTON_DELETE.'"><a class="button" href="'.href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action')).'cID='.$cInfo->customers_id).'">'.BUTTON_CANCEL.'</a>');
					break;
		
				case 'editstatus' :
					if ($_GET['cID'] != 1) {
						$customers_history = $db->db_query("SELECT new_value, old_value, date_added, customer_notified from ".TABLE_CUSTOMERS_STATUS_HISTORY." WHERE customers_id = ".$db->db_prepare($_GET['cID'])." ORDER BY customers_status_history_id desc");
						$heading[] = array ('text' => '<b>'.TEXT_INFO_HEADING_STATUS_CUSTOMER.'</b>');
						$contents = array ('form' => draw_form('customers', FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action')).'cID='.$cInfo->customers_id.'&action=statusconfirm'));
						$contents[] = array ('text' => '<br />'.draw_pull_down_menu('status', $customers_statuses_array, $cInfo->customers_status));
						$contents[] = array ('text' => '<table nowrap border="0" cellspacing="0" cellpadding="0"><tr><td style="border-bottom: 1px solid; border-color: #000000;" nowrap class="smallText" align="center"><b>'.TABLE_HEADING_NEW_VALUE.' </b></td><td style="border-bottom: 1px solid; border-color: #000000;" nowrap class="smallText" align="center"><b>'.TABLE_HEADING_DATE_ADDED.'</b></td></tr>');
		
						if ($customers_history->_numOfRows) {
							while (!$customers_history->EOF) {
		
								$contents[] = array ('text' => '<tr>'."\n".'<td class="smallText">'.$customers_statuses_array[$customers_history->fields['new_value']]['text'].'</td>'."\n".'<td class="smallText" align="center">'.datetime_short($customers_history->fields['date_added']).'</td>'."\n".'<td class="smallText" align="center">');
		
								$contents[] = array ('text' => '</tr>'."\n");
								$customers_history->MoveNext();
							}
						} else {
							$contents[] = array ('text' => '<tr>'."\n".' <td class="smallText" colspan="2">'.TEXT_NO_CUSTOMER_HISTORY.'</td>'."\n".' </tr>'."\n");
						}
						$contents[] = array ('text' => '</table>');
						$contents[] = array ('align' => 'center', 'text' => '<br /><input type="submit" class="button" value="'.BUTTON_UPDATE.'"><a class="button" href="'.href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action')).'cID='.$cInfo->customers_id).'">'.BUTTON_CANCEL.'</a>');
						$stat->fieldsus = $_POST['status']; // maybe this line not needed to recheck...
					}
					break;
		
				default :
					$customer_status = get_customer_status($_GET['cID']);
					$cs_id = $customer_status->fields['customers_status'];
					$cs_member_flag = $customer_status->fields['member_flag'];
					$cs_name = $customer_status->fields['customers_status_name'];
					$cs_image = $customer_status->fields['customers_status_image'];
					$cs_discount = $customer_status->fields['customers_status_discount'];
					$cs_ot_discount_flag = $customer_status->fields['customers_status_ot_discount_flag'];
					$cs_ot_discount = $customer_status->fields['customers_status_ot_discount'];
					$cs_staffelpreise = $customer_status->fields['customers_status_staffelpreise'];
					$cs_payment_unallowed = $customer_status->fields['customers_status_payment_unallowed'];
		
					if (is_object($cInfo)) {
						$heading[] = array ('text' => '<b>'.$cInfo->customers_firstname.' '.$cInfo->customers_lastname.'</b>');
						
						if ($cInfo->customers_id != 1) {
							$contents[] = array ('align' => 'center', 'text' => '<br /><a class="button" onClick="this.blur();" href="'.href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action')).'cID='.$cInfo->customers_id.'&action=confirm').'">'.BUTTON_DELETE.'</a> <a class="button" onClick="this.blur();" href="'.href_link(FILENAME_ORDERS, 'cID='.$cInfo->customers_id).'">'.BUTTON_ORDERS.'</a>');
						}
						
						$contents[] = array ('align' => 'center', 'text' => '<br /><a class="button" onClick="this.blur();" href="'.href_link(FILENAME_MAIL, 'selected_box=tools&customer='.$cInfo->customers_email_address).'">'.BUTTON_EMAIL.'</a> <a class="button" onClick="this.blur();" href="'.href_link(FILENAME_CUSTOMERS_SIK, get_all_get_params(array ('cID', 'action')).'cID='.$cInfo->customers_id.'&action=iplog').'">'.BUTTON_IPLOG.'</a>');
						$contents[] = array ('text' => '<br />'.TEXT_DATE_ACCOUNT_CREATED.' '.date_short($cInfo->date_account_created));
						$contents[] = array ('text' => '<br />'.TEXT_DATE_ACCOUNT_LAST_MODIFIED.' '.date_short($cInfo->date_account_last_modified));
						$contents[] = array ('text' => '<br />'.TEXT_INFO_DATE_LAST_LOGON.' '.date_short($cInfo->date_last_logon));
						$contents[] = array ('text' => '<br />'.TEXT_INFO_NUMBER_OF_LOGONS.' '.$cInfo->number_of_logons);
						$contents[] = array ('text' => '<br />'.TEXT_INFO_COUNTRY.' '.$cInfo->countries_name);
						$contents[] = array ('text' => '<br />'.TEXT_INFO_NUMBER_OF_REVIEWS.' '.$cInfo->number_of_reviews);
					}
		
					if ($_GET['action'] == 'iplog') {
						if (isset ($_GET['cID'])) {
							$contents[] = array ('text' => '<br /><b>IP-Log :');
							$customers_id = $_GET['cID'];
							$customers_log_info = get_user_info($customers_id);
							if ($customers_log_info->_numOfRows) {
								while (!$customers_log_info->EOF) {
									$contents[] = array ('text' => '<tr>'."\n".'<td class="smallText">'.$customers_log_info->fields['customers_ip_date'].' '.$customers_log_info->fields['customers_ip'].' '.$customers_log_info->fields['customers_advertiser']);
								$customers_log_info->MoveNext();
								}
							}
						}
						break;
					}
					}
					if ((not_null($heading)) && (not_null($contents))) {
						echo '<td width="25%" valign="top">'."\n";
						$box = new box;
						echo $box->infoBox($heading, $contents);
						echo '</td>'."\n";
					}
				?>
          </tr>
        </table></td>
      </tr>
    </table></td>
  </tr>
</table>
</div>
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>